Just my opinion, but malisicous file extensions should be tested for and redirected before it even gets to SA. It would be beneficial if SA is your only tagging mechanism, but it needs to be redirected somewhere so it should be redirected upstream from SA. There is no excuse for filename.jpg.exe or filename.mid.cmd. Many of the marginal extensions, like .htm .html .mid, are organizational/personal policy. So you are asking the authors of SA to determine the policy of a potential virus threat. I just don't see that file extensions are a real mix with SA rules. I think that if you want SA to do it file extension checking would be better performed in custom rules.
--Larry -----Original Message----- From: Roland Lieger > There is one feature (ruleset) that I would like to see added: > _Very_simple_ malware (virus/worm/etc.) detection based on filenames. I > am not talking about fancy code analysis for all types of OS and machine > architectures (which is definitly a huge project in its own and requires > lots of manpower to keep up to date). What I want is, that Spam-Assassin > recognizes 'creative' filenames in attachments like "coolimage.jpg.exe" > or "nicesound.mid.cmd" that are designed to lure people on Windows > systems (which offers the dangerous feature to hide the extensions of > known file types, making the file names appear as "coolimage.jpg" or > "nicesound.mid") to doubleclick on the attachment meaning to view the > image or hear the tune while in reality starting an program (which then > usually does something nasty). ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
